#!/bin/bash

set -e
set -x

useradd -M -s /sbin/nologin nginx

bypy download nginx-1.24.0.tar.gz

tar zxvf nginx-1.24.0.tar.gz 

cd nginx-1.24.0/
./configure --prefix=/usr/local/nginx --sbin-path=/usr/local/nginx/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/usr/local/nginx/config/nginx.conf --error-log-path=/usr/local/nginx/logs/error.log --http-log-path=/usr/local/nginx/logs/access.log --http-client-body-temp-path=/usr/local/nginx/tmp/client_body --http-fastcgi-temp-path=/usr/local/nginx/tmp/fastcgi --http-proxy-temp-path=/usr/local/nginx/tmp/proxy --http-scgi-temp-path=/usr/local/nginx/tmp/scgi --http-uwsgi-temp-path=/usr/local/nginx/tmp/uwsgi --pid-path=/usr/local/nginx/logs/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_auth_request_module --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/generic-hardened-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fPIC -D_FORTIFY_SOURCE=2 -O2 -Wtrampolines -fsigned-char' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -specs=/usr/lib/rpm/generic-hardened-ld -Wl,-E -Wl,-z,relro -Wl,-z,now -Wl,-z,noexecstack'

make
make install
mkdir -p /usr/local/nginx/tmp
chown -R nginx:nginx /usr/local/nginx

cd ..
cp nginx.service /lib/systemd/system/
systemctl daemon-reload
systemctl enable --now nginx.service

set +x
set +e